[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255227

 
 

909

 
 

198741

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 15249 Download | Alert*

Multiple integer overflow and buffer overflow issues were discovered in spice-client"s handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.

Samba AD users can bypass certain restrictions associated with changing passwords. The KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password can exploit this to obtain and use tickets to other services.

Samba AD users can bypass certain restrictions associated with changing passwords. The KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password can exploit this to obtain and use tickets to other services.

A vulnerability was found in MIT krb5. This flaw allows an authenticated attacker to cause a KDC or kadmind process to crash by reading beyond the bounds of allocated memory, creating a denial of service. A privileged attacker may similarly be able to cause a Kerberos or GSS application service to crash.

An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object`: {% highlight c %} if { size_t outlen; int offs = _ykpiv_get_length; if { return YKPIV_SIZE_ERROR; } memmove; *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a `memmove` o ...

A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data`: {% highlight c %} if { fprintf; } if { memcpy; out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- it is clearly checked whether the buffer is big enough to hold the data copied using `memcpy`, but no error ...

The POWER9 backend in GNU Compiler Collection before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn call may be the same.

In FFmpeg 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.

improper implementation of GPOs due to too restrictive permissions

Resource exhaustion via TCP connection to port serving the SSL endpoint


Pages:      Start    968    969    970    971    972    973    974    975    976    977    978    979    980    981    ..   1524

© SecPod Technologies